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Existent protocol/implementation . Infrastructure : PK1 



Present invention protocol/implementation . NO PKl 



«Web Client» 
message M 



entry/ M [State : plain] 

do/ Me=encrypt(M) 

exit/ Me [State : encrypted] 
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«Web Client» 
message m 

entry/ m [State : plain] 

do/ me=encrypt(m) 

exit/ me [State : encrypted] 



send( Me ) 



«Web Server» 
Secure Server 



send(me) 



entry/ Me [State : encrypted] 

do/ M=decrypt(Me) 

event M [State : PLAIN]/ deploy(M) 

do/ Mel=encrypt(M) 

exit/ Me1 [State : encrypted] 



«Web Server» 
Server 



send(me) 



send(Mel) 



«Operator» 
Terminal 



entry/ Me1 [State : encrypted] 

do/ M=decrypt(Me1) 

event M [State : PLAIN]/ perform(M} 



«Operator» 
End Point 



entry/ me [State : encrypted] 
exit/ me [State : encrypted] 



entry/ me [State : encrypted] 

do/ M=decrypt(rne) 

event M [State : PLAIN]/ perform(M) 
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Private information flow comparison 



Existent 



Secure Server / Third Party 
"Solutions" 



Present invention 



Web Client 
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Web Server 



— M 1 ) 

«Terminal»L/ 
Operator | 
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Client private 
information in 
plain, 

Unencrypted 
form 




Client private 
information 
unknown or 

yFtoer 
alias 



Encrypted 
form 



40 



1 



3: ck==gener^eCommmk^tionKey(cardr4r,pai^eter^ 



CommunicattonKey 
ck represents 
the encrypted 
equivalent of the j 
Card number j 
-.cardNr j 




7: pefformTransact}oo(cardNr) 
6: cardNr=authenticateaie^(ck) - 
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2. requestForCardNr 

c 



44^| 

^4: sendCommunicationKey(ck) 

41 — | 

1: requestForPurchase 




CardNrl 
CardNr2 



^ Card number cardNr 

j represents the 

| decrypted equivalent 

! of the 

I communicattonKey ck 



8: responseToRequestFpTransaction 



9: responseToRequestForPurchase 




// 

/c :requestForTransaction(ck) 
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The communicationKey ck has 
no meaning for the Web Server, 
which is used onty like a carrier 
for this specific information, in 
contrast with the existing 
solutions, where instead of ck, 
the Card number is used. 



Any attempt to use the 
communicationKey ck more 
than once results in an 
authentication failure and 
therefore the Card number 
remains unknown to any third 
party involved in the 
transaction between the Client 
k^and the Bank 
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A context 



51 

requestForContext( ) 



54 



generate EncryptedContextO 



55 



sendEncryptedContextQ 



ThirdParty 
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B context 
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sendEncryptedContextForAuthentication() 
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decryptContextAndAuthenticate( ) 

<F:;_: 
_ 58 
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«seiect parameterized context H contextParam H » 
contextParam = f (context, parameter) 



where context e Z, parameter eP.PcZ 
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«select secret key "p w » 
p = g(contextParam) 



62 ^Vi where p is prime, p > 2 
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«select secret key M n"» 
n = h(context,parameter) 



64 



where n e Z, n > 0 


\ 


/ 


«select modulus "m"» 


m ~ 


p A n 


where m e Z, m > Q 




j 
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«select encryption key V» 
a = k(context, parameter) 

where a e M m , (a,9(m)) = 1, 6(m) = p n (1 - 1/p) 
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«select communication key M a1"» 
a1 

where a1 e M m , (a1,9(m)) = 1, a*a1~1 mod G(m) 




Input : a 1 - communication key 



~~\ { «select list L of of possible candidates» \ 

L ! 



r ± ^ 

72 «select element from list L» 



73 n 
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f «select parameterized context "contextParam 1 
contextParam = f(z,parameter) 



» 
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«select secret key "p"» \ 
p = g(contextParam) j 
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«select secret key "n"» 
n = h(z.parameter) 
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«select modulus M m n » ^ 



m = p A n 



J 



f «se7ect encryption key 
p = k(z, parameter) 




enticatio{T>>^ 
=1mod9(m) 



80^ 




{ «e!ement found» 
zO 



no 
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Input ; communication key 
a 1 derived from context 
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82 



Select list L of possible 
candidates for context 



83 



Select element z from Est L 
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Select parameterized context 
'contextParam' 

contextParam = ^parameter) 
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Select secret key 'p' 
p = g(contextParam) 



Select secret key ; n 5 
n = h(z ? parameter) 



Select modulus 


'm' 


m = p n 
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Solve ecuation 

al * x- 1 mod 6(m) 



90 ^\ 
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Element found zO 



no 
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Input: context 



I 



101 compute modulus m derived from context 



102 -\ 



retrieve previouslncrement for context 



103 increment = next(previous!ncrement) 



104' 



a = k(context, increment) 



105 /"Y 



send communication key al, where a * al = 1 mod 0(m) 
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select z from list L 



1 

compute modulus m z c 


r 

ierived from z 




r 


retrieve previous!ncrement 2 for z 




f 


, solve x * al = 1 mod 0( m z ) 
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celiularlD represents the cell \ 
phone id code, such as ESN and/or j 
MiN,where ESN=E!ectronic Serial | 
Number and ! 
MIN=Mobile IdentificationNumber. j 
ck represents the encrypted 
equivalent of the celiularlD and a 
parameter such as a counter and/or 
date/time stamp. 

^ 



| the carrier(ceilular phone r 
i company) processes the request 
if the communication key was 
derived from any of various key 
data from a previously provided 
data pool related to the client, 
such as the ceH phone id code, 
in combination with a parameter 
such as a counter and date/time 
k ^stamp. 



FIGURE 9 



